The full story is here (http://www.theregister.co.uk/content/4/27074.html)



By Thomas C Greene in Washington
Posted: 11/09/2002 at 13:15 GMT


A malicious Win-XP Help Center request can easily and silently delete the contents of any directory on your Windows machine, we've learned. Worse, MS has rolled the fix silently into SP1 without making a public announcement. A good sketch of the problem in English, along with a harmless self-test, can be found here, thanks to Mike at http://unity.skankhouse.org, who did some tinkering after noticing a tip on a BBS.




To verify the exploit all you need to do is pop the following request into any address bar (IE, Win Explorer, etc): hcp://system/DFS/uplddrvinfo.htm?file://c:\test\* and the directory 'test' will be emptied after a couple of Help Center 'wizard' pages pop up uselessly to distract you......

The example works as advertised, so anyone wanting to play with it should create a test directory with copies of files. Of course you can delete your entire root directory with this approach if you so choose.......

I heard about this the other day from one of my buddies. I don't understand why M$ wouldn't say something about it. This is the sort of stuff that makes me mad about those rich aholes. But that is just me. I hope there is a way to fix it.......

This (http://grc.com/xpdite/xpdite.htm) will fix it, and you can also read the full story over there.

grc.com is the best...

Bit annoying to see some sits are only posting about this now. Came out over a month ago;
http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00224.html , which is when I posted about it ;)

Resolution:
-----------------
Microsoft have noted they intend to roll the fix into SP1 for XP. I informed Microsoft I would be publishing this advisory in mid August during correspondance (late June) and received no objections.